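<?php
	/*
	 * Permission lookup endpoint.
	 *
	 * Reads the POST fields `un` (user name) and `mamod` (module code) and answers
	 * with an XML document <quyen>...</quyen> holding a single <row> of seven cells:
	 *   0 row id, 1 module code, 2 select_r, 3 insert_r, 4 update_r, 5 delete_r,
	 *   6 module name.
	 * The literal user "admin" gets "C" in cells 2-5; a user or group with no
	 * matching record gets "K" (presumably Co/Khong, i.e. yes/no -- confirm).
	 *
	 * Security notes:
	 *  - Request fields are read explicitly. extract($_POST) would let a client
	 *    overwrite any local variable, including $conn and $table.
	 *  - Every request-derived value is escaped before it is placed in SQL, and
	 *    every value written into the response is XML-escaped.
	 *  - The login check runs before any query, so an anonymous request never
	 *    reaches the database.
	 *  - NOTE(review): `un` comes from the request, not from the session, so any
	 *    logged-in user can look up another user's rights, and sending un=admin
	 *    returns the all-"C" row. Confirm that this response is only used for
	 *    display and that the real permission checks use $_SESSION["un"].
	 */
	session_start();
	include("../../include/dbconnect.php");

	/**
	 * Runs one query and returns its result resource.
	 *
	 * On failure the driver error is written to the server log and the request
	 * ends with a generic message, so the query text is never sent to the client.
	 * Must be called before any output, because it sets the status line.
	 */
	function quyen_run_query($sql,$conn)
	{
		$rs=mysql_query($sql,$conn);
		if(!$rs)
		{
			error_log("quyen lookup failed: ".mysql_error($conn));
			header("HTTP/1.1 500 Internal Server Error");
			die("Query failed");
		}
		return $rs;
	}

	$table="quyen";

	// Accept only plain string fields; anything else is treated as empty.
	$un=(isset($_POST["un"]) && is_string($_POST["un"])) ? $_POST["un"] : "";
	$mamod=(isset($_POST["mamod"]) && is_string($_POST["mamod"])) ? $_POST["mamod"] : "";

	$logged_in=isset($_SESSION["un"]) && $_SESSION["un"]!="";

	$cells=array();      // the seven cell values of the single <row>
	$with_status=false;  // only the per-user branch reports status/count/message
	$count=0;

	// All database work happens here, before the first byte of output.
	if($logged_in)
	{
		$un_sql=mysql_real_escape_string($un,$conn);
		$mamod_sql=mysql_real_escape_string($mamod,$conn);

		// Module name, used for cell 6 whenever no permission record supplies it.
		$result=quyen_run_query("select * from modules where ma='$mamod_sql'",$conn);
		$a=mysql_fetch_array($result);
		$tenmod=$a ? $a['ten'] : "";
		mysql_free_result($result);

		// Row returned when no permission record exists.
		$denied=array($un.$mamod,$mamod,"K","K","K","K",$tenmod);

		if($un=="admin")
		{
			$cells=array($un.$mamod,$mamod,"C","C","C","C",$tenmod);
		}
		else
		{
			$SQL="SELECT account.*,groups.ten as tengroups FROM account inner join groups on account.magrp=groups.ma where un='$un_sql'";
			$result=quyen_run_query($SQL,$conn);
			$aacount=mysql_fetch_array($result);
			mysql_free_result($result);

			// No account row, or no group on it: fall back to per-user rights.
			$magrp=$aacount ? $aacount["magrp"] : null;

			if(is_null($magrp))
			{
				$SQL="SELECT $table.*,modules.ten as tenmod FROM ";
				$SQL=$SQL."($table inner join modules on ($table.mamod=modules.ma)) ";
				$SQL=$SQL." where $table.un='$un_sql' and $table.mamod='$mamod_sql'";
				$result=quyen_run_query($SQL,$conn);
				$with_status=true;
				$count=mysql_num_rows($result);
				if($a=mysql_fetch_array($result))
				{
					$cells=array($a["id"],$a["mamod"],$a["select_r"],$a["insert_r"],$a["update_r"],$a["delete_r"],$a["tenmod"]);
				}
				else
				{
					$cells=$denied;
				}
				mysql_free_result($result);
			}
			else
			{
				// The group code comes from the database, but it is still escaped
				// and quoted so a stored value cannot alter the statement.
				$magrp_sql=mysql_real_escape_string($magrp,$conn);
				$sql1="select * from quyen where magrp='$magrp_sql' and mamod='$mamod_sql'";
				$rs=quyen_run_query($sql1,$conn);
				if($aquyen=mysql_fetch_array($rs))
				{
					// Fix: id and module code are taken from the permission row.
					// The previous code read them from $a, which in this branch
					// still held the modules row, and read a "tenmod" column
					// that neither query selects.
					$cells=array($aquyen["id"],$aquyen["mamod"],$aquyen["select_r"],$aquyen["insert_r"],$aquyen["update_r"],$aquyen["delete_r"],$tenmod);
				}
				else
				{
					$cells=$denied;
				}
				mysql_free_result($rs);
			}
		}
	}

	header("Content-Type: text/xml");
	echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
	echo "<$table>";
	if(!$logged_in)
	{
		echo "<status>fail</status>";
		echo "<count>0</count>";
		echo "<message>Chưa đăng nhập !</message>";
	}
	else
	{
		if($with_status)
		{
			echo "<status>ok</status>";
			echo "<count>",$count,"</count>";
			echo "<message>OK</message>";
		}
		// Cell 0 doubles as the row id. Everything is escaped because the values
		// come from the request or from stored data and may contain markup.
		echo "<row id='",htmlspecialchars((string)$cells[0],ENT_QUOTES,"UTF-8"),"'>";
		foreach($cells as $cell)
		{
			echo "<cell>",htmlspecialchars((string)$cell,ENT_QUOTES,"UTF-8"),"</cell>";
		}
		echo "</row>";
	}

	echo "</$table>";
	include("../../include/dbclose.php");
?>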